It doesn’t really do anything out of the box except log any requests which it *thinks* is an attack attempt. Things like alert emails and warning pages are not enabled by default.
You should have a table in your database named mscr_intrusions. This is where everything is logged.
The Mute Screamer settings page also has a number of other options that you can configure:
WP-Admin -> Settings -> Mute Screamer
To stop getting emails that you are attacking your own website you can do two things:
1. Disable Mute Screamer in WP Admin entirely, on the Mute Screamer settings page uncheck the box “Enable Mute Screamer for the WordPress admin”
2. Or you can exclude fields from the IDS by adding them to the exceptions list on the settings page.
Here is the default list that Mute Screamer uses on a fresh install:
REQUEST.permalink_structure
POST.permalink_structure
REQUEST.selection
POST.selection
REQUEST.content
POST.content
REQUEST.__utmz
COOKIE.__utmz
REQUEST.s_pers
COOKIE.s_pers
Those fields are the ones I have come across so far that have caused false positives in the WP Admin, so they are excluded by default.
If you find that a particular field is reporting too many false positives then you can add it to the exceptions list.
Note that if you add a field eg POST.my_field you will also need to add REQUEST.my_field
This is becuase Mute Screamer checks the globals $_REQUEST, $_GET, $_POST, $_COOKIE and in that order
